Transmission Control Protocol/Internet Protocol (TCP/IP) is a connection-oriented, Internet-standard, routable protocol in use on a majority of networks, including the Internet. The protocol suite supports connectivity across a number of dissimilar platforms and supports the main workload of most enterprises today that are designed in a client/server configuration.

Some subtle changes have been incorporated into the TCP/IP suite for Windows Server 2003. Internet Group Management Protocol (IGMP) version 3 adds support for source-based filtering and reporting while maintaining backward-compatibility with version 2. You can also use other settings so that systems can be configured to use an alternate, manually configured IP address instead of one that a Dynamic Host Configuration Protocol (DHCP) server provides. Autoconfiguration of the enabled network interface card (NIC) metric is also available; this feature determines the best routing metric for each interface's default gateway, based on its speed. Support for TCP/IP version 6 has also been added in Windows Server 2003.

Overview of TCP/IP

TCP/IP is a network communication protocol suite. It can be used as a communications protocol on private networks and is the default protocol in use on the Internet. When you set up any system to have direct access to the Internet, whether it is via dial-up or a high-speed technology, your system needs to use TCP/IP whether it is a Windows-based system or not.

Also, if systems need to communicate with other TCP/IP systems on the local area network (LAN) or wide area network (WAN), they often use TCP/IP as well.

NOTE

Indirectly connected computers, such as those on a LAN that connect to the Internet via certain default gateways, certain types of routers, proxy servers, or other indirect means, do not necessarily need to use TCP/IP. They need to use only the network protocol in use on the LAN, and that LAN protocol communicates with the directly connecting mechanism (default gateway, router, proxy server, or other direct device). That directly connected device needs to use the Internet default protocol of TCP/IP.

For Internet Security and Acceleration (ISA) servers, systems must use TCP/IP because it is the supported protocol for ISA.

OSI Model

TCP/IP is technically made up of two protocols. The upper layer, Transmission Control Protocol, is responsible for breaking data down into smaller packets to be transmitted over the network from a sending system (local and Internet), and the TCP layer on the receiving system reassembles the packets it receives into the original data structure. The lower layer, Internet Protocol, addresses each packet so that it gets delivered to the correct remote system. Each routing device on the network, be it a hardware router or a server system performing routing functions, checks the destination address to see where to forward the message.

The TCP/IP protocol suite maps to a four-layer conceptual model, which parallels the seven-layer Open Systems Interconnect (OSI) protocol model described in the following list:

Physical layer—This layer defines the interface between the network medium (such as ethernet or token ring) and the hardware device (such as a NIC). Multiplexers, hubs, and repeaters are just a few examples of the components found at this layer of the OSI model.

Data Link layer—This layer is divided into two sublayers: Logical Link Control (LLC), which handles error correction and flow control, and Media Access Control (MAC), which handles communication with the NIC. Bridges and switches are components that operate at this layer of the OSI model.

Network layer—This layer translates logical network addresses and names to MAC addresses for routing data packets over a network. A number of protocols run at the Network layer, including IP, Address Resolution Protocol (ARP), Reverse ARP (RARP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), IGMP, Internetwork Packet Exchange (IPX), NWLink (the Microsoft version of the IPX/SPX protocol suite), and NetBIOS Enhanced User Interface (NetBEUI). Brouters, routers, and some types of ATM switches can be found at this layer of the OSI model.

Transport layer—This layer provides an additional connection below the Session layer and assists with managing some data flow control between hosts. Data is divided into packets on the sending node, and the receiving node's Transport layer reassembles the message from packets. This layer is also responsible for error checking to guarantee error-free data delivery, and requests a retransmission if necessary. It is also responsible for sending acknowledgments of successful transmissions back to the sending host. A number of protocols run at the Transport layer, including TCP, ARP, RARP, Sequenced Packet Exchange (SPX), and NWLink. Gateways and certain types of routers can be found at this layer of the OSI model.

Session layer—This layer establishes, maintains, and ends sessions between transmitting hosts and controls which host can transmit data at a given interval and for how long. A number of protocols run at the Session layer, including Named Pipes, NetBIOS Names, Remote Procedure Calls (RPC), and Mail Slots. Gateways and certain types of proxy servers operate at this layer of the OSI model.

Presentation layer—This layer translates data from the way applications understand it to the way networks understand it. It is responsible for protocol conversions, data encryption and decryption, and data compression and decompression when the network is considered. Gateways and certain types of redirectors operate at this layer of the OSI model. There are no protocols that normally operate in this layer of the OSI model.

The four-layer conceptual model for the TCP/IP protocol suite is as follows:

Network Interface layer—This layer is responsible for putting bits on the wire and correlates closely with the OSI model's Physical layer and Data Link layer.

Internet layer—This layer is responsible for encapsulating data packets into Internet datagrams. The Internet layer correlates, for the most part, with the OSI model's Network layer. Four Internet protocols operate at this layer:

IP supports connectionless packet delivery for all other protocols, such as TCP or User Datagram Protocol (UDP). IP does not guarantee packet arrival or correct packet sequence, nor does it acknowledge packet delivery. These tasks are left to the application using the network or higher-level protocols, such as TCP. IP is responsible for addressing and routing packets only; error correction is left to the application or to higher-level protocols.

ARP is responsible for mapping IP addresses to physical machine addresses called MAC addresses. IP broadcasts a special ARP inquiry packet containing the destination system's IP address, and that system replies by sending its physical address to the requester.

ICMP is charged with message control and error-reporting between network hosts. Higher-level protocols use this information to recover from transmission errors.

IGMP allows hosts to report their multicast group membership to multicast routers. With multicasting, hosts can send multicast traffic to a single MAC address, so multiple nodes can process the traffic.

TCP is a connection-oriented protocol that guarantees data delivery by assigning a sequence number to each transmitted data segment so that the receiving host can send an acknowledgment (ACK) to verify that the data was received intact. If an ACK is not received or there was a transmission error, the data is sent again.

UDP is a connectionless protocol that does not guarantee delivery or correct sequencing of packets. Applications that use UDP are typically tasked with the responsibility of ensuring data delivery because the protocol does not. UDP is often used instead of TCP because of its lower overhead. TFTP is an example of an application that uses UDP.

Application layer—This layer is where network-aware applications operate. Network applications most commonly use two TCP/IP services, Winsock and the NetBT interface.

IP Addressing

IP version 4 (IPv4) addresses are made up of four 8-bit fields (octets)—32 bits total. There are five IPv4 address classes: A, B, C, D, and E.

IPv4 addresses consist of a network ID and a host ID. The network ID identifies the numeric network name of the physical network where the hosts exist. The host ID identifies the numeric network name of the individual TCP/IP host on a network. For example, in the Class A IP address 10.0.0.1, 10 represents the network ID and 0.0.1 represents the host ID. The numeric host ID must be unique on the internal network—that is, no two nodes on a network can have the same network ID and host ID. Using the previous example, only one host can be assigned the host ID of 0.0.1 on the given network.

NOTE

You can have two hosts with the same numeric IP hostname of 16.72.28 if one is on network 111 and another is on network 112. (The full IP addresses of these hosts would be 111.16.72.28 and 112.16.72.28. The subnet mask would be 255.0.0.0.)

A subnet mask is used to divide an entire TCP/IP address in an effort to define which part of the address is the network number and which part is the host system's numeric identifier. The bits in a subnet mask are set consecutively from left to right. For example, the subnet mask 255.128.0.0 is valid because all eight bits are set in the first octet and the first bit of the next octet is also set (11111111.10000000.00000000.00000000). The subnet mask 255.64.0.0 is not valid because it has a "missing" bit, which is not allowed (11111111.01000000.00000000.00000000).

NOTE

Bit values are held to a specific order, from the Most Significant Bit (MSB) to the Least Significant Bit (LSB). From left to right, these designations are 128, 64, 32, 16, 8, 4, 2, and 1. Each bit that's set is noted by a "1" (showing that the bit is "on" or "enabled"), and bits are added together to give you the address. The IPv4 address 171.144.62.12 converts to a binary number of 10101011.10010000.00111110.00001100.

EXAM ALERT

You need to have a fairly good understanding of host IDs, network IDs, subnetting, and masks for just about any Microsoft certification exam. Any exams that introduce information about networking require you to have at least basic knowledge of TCP/IP addressing.

Subnet Masks

When assigning IP addresses, each host requires a subnet mask to determine which part of an IP address to use as the network ID and which to use as the host ID.

The default subnet masks for the three IP address classes are

Class A - 255.0.0.0

Class B - 255.255.0.0

Class C - 255.255.255.0

For example, the default subnet mask for a Class C address is 255.255.255.0, which means the first three octets identify the network and the last octet identifies the host.

The subnet mask is also used to determine whether the destination host is on the local subnet or a remote subnet. The subnet mask of the local host is compared against the IP address of the destination host and, through a process known as anding, it is determined whether the destination IP address is on the local or a remote network. If the destination IP address within a packet is on a remote network, the packet is sent to the default gateway.

Basically, the 1s in the binary form of the subnet mask are masked against the IP address to determine whether the address is on the local network or a remote network. When the bits of the subnet mask are compared against the bits in the IP address, all combinations of 1s and 0s result in a value of 0, except for 1 and 1, which results in a value of 1.

Let's look at an example of how this process works. The source host has an IP address of 192.168.0.10 and a subnet mask of 255.255.255.0. The destination host has an IP address of 192.168.20.2.

IP address 11000000 10101000 00000000 00001010 (192.168.0.10)

Subnet mask 11111111 11111111 11111111 00000000 (255.255.255.0)

Results 11000000 10101000 00000000 00000000

IP address 11000000 10101000 00010100 00000010 (192.168.20.2)

Subnet mask 11111111 11111111 11111111 00000000 (255.255.255.0)

Results 11000000 10101000 00010100 00000000

As you can see from the preceding example, the source IP address is anded against the subnet mask. The destination address is anded against the subnet mask assigned to the source host. If the results are not the same, the destination host is on a different network or subnet. Conversely, if the results are the same, it is determined that the destination host is on the local network.
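The contiguous-bit rule for masks and the anding comparison described above, as an added Python example that is not part of the original text. The gateway address 192.168.0.1 and the function names are assumptions made for illustration.

```python
def to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 dotted quad: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_bits(value):
    """Render a 32-bit integer as four space-separated binary octets."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def mask_is_valid(mask):
    """A mask is valid only if its 1 bits are consecutive from the left."""
    inverted = ~to_int(mask) & 0xFFFFFFFF   # host bits become 1s
    # A contiguous mask inverts to 2**n - 1, so inverted + 1 shares no bits.
    return (inverted & (inverted + 1)) == 0


def network_id(address, mask):
    """AND the address with the mask, as in the worked example."""
    if not mask_is_valid(mask):
        raise ValueError(f"subnet mask has a missing bit: {mask}")
    return to_int(address) & to_int(mask)


def next_hop(source, mask, destination, gateway):
    """Return where the source host sends a packet for the destination.

    Both addresses are anded against the SOURCE host's mask; equal results
    mean local delivery, different results mean the default gateway.
    """
    local = network_id(source, mask) == network_id(destination, mask)
    return destination if local else gateway


if __name__ == "__main__":
    src, mask, gw = "192.168.0.10", "255.255.255.0", "192.168.0.1"  # gw is assumed
    for dst in ("192.168.20.2", "192.168.0.77"):   # second address is constructed
        print("source     ", to_bits(network_id(src, mask)))
        print("destination", to_bits(network_id(dst, mask)))
        print(dst, "-> send to", next_hop(src, mask, dst, gw))
    for m in ("255.128.0.0", "255.64.0.0"):
        print(m, "valid" if mask_is_valid(m) else "invalid")
```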

The original IP definitions set five classes of IP addresses, from A through E. (A, B, and C are for general-purpose use, D is used for multicasting, and E is reserved.) These classes made it possible to use one portion of the 32-bit IP address scheme for the network address and the remaining portion for nodes on the network.

In the past, some networks needed more addresses for systems than the 254 a Class C address supplies. This was a major contribution to the shortage of IP addresses. Organizations often requested a Class B range that offered 65,534 available addresses rather than a few Class C ranges that might have suited their needs. The result was that many addresses within their allotted Class B blocks went unused.

However, Classless Inter-Domain Routing (CIDR) addressing is now used more often for IPv4 addressing schemes. It effectively "removes" the class from an address for the purpose of combining ranges, so it makes better use of the limited number of remaining available IPv4 addresses. A CIDR network address looks like this:

222.175.14.00/18

The network address is 222.175.14.00. The /18 specifies that the first 18 bits of the address are the network part of the address, which leaves the last 14 bits for the network hosts' address.

Both Border Gateway Protocol (BGP) and OSPF support CIDR. Older gateway protocols, such as Exterior Gateway Protocol (EGP) and Routing Information Protocol version 1 (RIPv1), do not support CIDR. Because CIDR supports multiple subnet masks per subnet, it requires routers that support more advanced interior routing protocols, such as RIPv2 and OSPF.

NOTE

A, B, and C class networks support a single subnet mask and can use RIPv1.

Create an IP Subnet Scheme

Implementing subnets helps control network traffic and enables network administrators to create smaller collision domains. Every node on the same physical ethernet network sees all data packets sent out on the network, which results in multiple collisions and affects network performance. Routers or gateways separate networks into subnets. Subnet masks on each node allow nodes on the same subnetwork to continue communicating with one another and with the routers or gateways they use to send their messages.

Subnet masking enables you to identify the network ID and host (node) ID of an IP address. The following example is a default Class B subnet mask:

To subnet networks further, more bits can be added to the subnet mask for a class of addresses.

The following example is a Class B address using an additional bit subnet mask of 240. Notice that instead of having the single subnet and 65,534 hosts per subnet allowed under the default subnet mask, you can have up to 16 subnets with up to 4,094 hosts per subnet by using a subnet mask of 255.255.240.000 (Table 3.1 shows a sample IP addressing scheme):

When you use standard subnet masks in classful IP addressing schemes, you can plan how many hosts you can support per subnet and how many subnets are available for use. Table 3.2 shows classful IP addressing schemes and uses 255.x.0.0 as the default mask for Class A addresses, 255.255.x.0 as the default mask for Class B addresses, and 255.255.255.x as the mask for Class C addresses. In these classes, the x is the subnet mask variable in the table's Subnet Mask column. The table identifies how many subnet IDs are supported by each subnet mask and the maximum number of hosts per subnet.

Table 3.2. Subnet Masking for Classful IP Addressing

Subnet Mask  Number of Subnets in Classful Range  Number of Class A Hosts per Subnet  Number of Class B Hosts per Subnet  Number of Class C Hosts per Subnet
0            1                                    16,777,214                          65,534                              254
128          2                                    8,388,606                           32,766                              126
192          4                                    4,194,302                           16,382                              62
224          8                                    2,097,150                           8,190                               30
240          16                                   1,048,574                           4,094                               14
248          32                                   524,286                             2,046                               6
252          64                                   262,142                             1,022                               2
254          128                                  131,070                             510                                 N/A
255          256                                  65,534                              254                                 N/A
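The figures in Table 3.2 follow from the number of bits borrowed from the host portion of the address. The Python below is an added example (not from the original text) that recomputes any row and enumerates the subnets for the 255.255.240.0 case; the Class B network 172.16.0.0/16 and the function names are constructed for illustration.

```python
import ipaddress

# Host bits left by the default mask of each class.
CLASS_HOST_BITS = {"A": 24, "B": 16, "C": 8}


def borrowed_bits(mask_octet):
    """Count the subnet bits in the variable mask octet (the table's x)."""
    if not 0 <= mask_octet <= 255:
        raise ValueError(f"not an octet: {mask_octet}")
    bits = f"{mask_octet:08b}"
    if "01" in bits:                      # a 1 after a 0 is a "missing" bit
        raise ValueError(f"mask octet {mask_octet} is not contiguous")
    return bits.count("1")


def table_row(mask_octet):
    """Return (subnets, {class: hosts per subnet}) for one table row.

    A class whose remaining host bits leave no usable address maps to
    None, which the table prints as N/A.
    """
    n = borrowed_bits(mask_octet)
    hosts = {}
    for cls, host_bits in CLASS_HOST_BITS.items():
        usable = 2 ** (host_bits - n) - 2   # minus network and broadcast
        hosts[cls] = usable if usable > 0 else None
    return 2 ** n, hosts


def list_subnets(classful_network, mask):
    """Enumerate the subnets a longer mask carves out of a classful network."""
    parent = ipaddress.ip_network(classful_network)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return list(parent.subnets(new_prefix=new_prefix))


if __name__ == "__main__":
    for x in (0, 128, 192, 224, 240, 248, 252, 254, 255):
        print(x, table_row(x))
    # Constructed sample: a Class B network subnetted with 255.255.240.0.
    for net in list_subnets("172.16.0.0/16", "255.255.240.0"):
        print(net, "usable hosts:", net.num_addresses - 2)
```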

IP Address Classes

IP addresses are organized into different address classes that define the number of bits out of the 32 that are used to identify the network and which are used to identify hosts on a network. By examining the address classes, you can also determine the number of networks and the number of hosts.

TCP/IP Class A Addresses

Class A addresses have an official start address of 0.0.0.0 and an official ending address of 127.255.255.255. However, the last usable client address in the range is 126.255.255.254 because the 127.x.x.x range is used for internal host loopback.

The full range of addresses that can be assigned to hosts is 1.0.0.1 to 126.255.255.254, with 126.255.255.255 as the broadcast address. The local host uses 0.0.0.0 when it has been configured to use a DHCP server but cannot reach one and cannot assign itself an address using APIPA. (This situation would be unusual.)

There are 126 Class A networks total, and each is allowed to have up to 16,777,214 hosts.

Three IP network addresses are reserved for private networks as defined in Request for Comments (RFC) 1918. The Class A range is 10.0.0.0 to 10.255.255.255, with a subnet mask of 255.0.0.0.

These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a Network Address Translation (NAT) server, proxy server, or router. It is always safe to use them because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class B Addresses

The Class B range of IP addresses starts with address 128.0.0.0 and ends at address 191.255.255.255. IP addresses 128.0.0.1 to 191.255.255.254 are the usable range of Class B addresses for node assignment.

Three IP network addresses are reserved for private networks, as defined in RFC 1918. The Class B range is 172.16.0.0 to 172.31.255.255, with the subnet mask 255.240.0.0. These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT server, proxy server, or router. It is always safe to use these addresses because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class C Addresses

The Class C range of IP addresses starts at address 192.0.0.0 and ends at 223.255.255.255. IP addresses 192.0.0.1 to 223.255.255.254 are the usable range of Class C addresses for node assignment.

Three IP network addresses are reserved for private networks, as defined in RFC 1918. The Class C range is 192.168.0.0 to 192.168.255.255, with the subnet mask 255.255.0.0. These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT server, proxy server, or router. It is always safe to use them because routers on the Internet never forward packets coming from these addresses.

TCP/IP Class D Addresses

The Class D IP addresses range from 224.0.0.0 through 239.255.255.255. Internet Assigned Numbers Authority (IANA) has set aside this range as a special class of addresses for multicast uses. ISPs are unable to allocate Class D address space to their customers because IANA is the only body through which these addresses can be allocated.

Allocation of Class D addresses is required only if you want to be a multicast source. You can still receive multicast data without needing a separate Class D address.

TCP/IP Class E Addresses

IANA has set aside Class E IP addresses from 240.0.0.0 to 254.255.255.255 as a special class of addresses for experimental and future use. The IP address 255.255.255.255 broadcasts to all hosts on the local network and, therefore, is not considered part of the Class E IP addresses.
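The class boundaries and RFC 1918 ranges above can be checked mechanically, for example when reviewing which source addresses should never arrive on an Internet-facing interface. The following Python is an added example, not part of the original text; the function names and sample addresses are constructed for illustration, and the class is derived from the leading bits of the first octet, which is equivalent to the ranges listed above.

```python
import ipaddress

# RFC 1918 private ranges as listed in the sections above.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# (number of leading bits, bit pattern, class, octets in the network ID)
CLASSES = [(1, 0b0, "A", 1), (2, 0b10, "B", 2), (3, 0b110, "C", 3),
           (4, 0b1110, "D", 0), (4, 0b1111, "E", 0)]


def classify(address):
    """Return class, default network/host split and scope of an address."""
    ip = ipaddress.IPv4Address(address)      # raises ValueError on bad input
    first_octet = int(ip) >> 24
    for length, pattern, cls, net_octets in CLASSES:
        if first_octet >> (8 - length) == pattern:
            break
    if str(ip) == "255.255.255.255":
        cls, scope = None, "broadcast"       # not counted as Class E
    elif first_octet == 0:
        scope = "reserved"                   # 0.x.x.x is not assignable to hosts
    elif ip in LOOPBACK:
        scope = "loopback"
    elif any(ip in net for net in PRIVATE):
        scope = "private"
    elif cls == "D":
        scope = "multicast"
    elif cls == "E":
        scope = "experimental"
    else:
        scope = "public"
    octets = str(ip).split(".")
    return {
        "class": cls,
        # Classes D and E have no network ID / host ID split.
        "network_id": ".".join(octets[:net_octets]) or None,
        "host_id": ".".join(octets[net_octets:]) if net_octets else None,
        "scope": scope,
    }


def non_public_sources(addresses):
    """Keep the addresses that are not publicly routable unicast."""
    return [a for a in addresses if classify(a)["scope"] != "public"]


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real log.
    sample = ["10.0.0.1", "111.16.72.28", "172.31.255.254", "172.32.0.1",
              "192.168.20.2", "127.0.0.1", "224.0.0.1", "240.0.0.1"]
    for addr in sample:
        print(addr, classify(addr))
    print("non-public:", non_public_sources(sample))
```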

Well-Known Ports

A number of well-known ports (0–1023) are used by different services on computers. For a single IP address on one system to offer all possible services to a network, each service must function on its own TCP or UDP port from that IP address.

You can find a helpful table at http://www.networksorcery.com that includes links to definitions and additional notes for some services. The following ports and associated protocols are the most important ones to remember for the certification exam: